Accepting request 948077 from home:ecsos:server

- Update to 5.1.2
  This is a security and bufix release.
  * Security
    - Fix (CVE-2022-23807, PMASA-2022-1, CWE-661) 
      Two factor authentication bypass
    - Fix (CVE-2022-23808, PMASA-2022-2, CWE-661)
      Multiple XSS and HTML injection attacks in setup script
  * Bugfixes
    - Revert a changed to $cfg['CharTextareaRows'] allow values
      less than 7
    - Fix encoding of enum and set values on edit value
    - Fixed possible "Undefined index: clause_is_unique" error
    - Fixed some situations where a user is logged out when working
      with more than one server
    - Fixed a problem with assigning privileges to a user using the
      multiselect list when the database name has an underscore
    - Enable cookie parameter "SameSite" when the PHP version
      is 7.3 or newer
    - Correctly handle the removal of "innodb_file_format" in
      MariaDB and MySQL

OBS-URL: https://build.opensuse.org/request/show/948077
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=370
This commit is contained in:
Eric Schirra 2022-01-22 10:13:19 +00:00 committed by Git OBS Bridge
parent b4b9d8801a
commit a5aba848d7
6 changed files with 46 additions and 22 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1964d7190223c11e89fa1b7970c618e3a3bae2e859f5f60383f64c3848ef6921
size 7751820

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmC5q30ACgkQznUvF4JZ
vZL+6RAAsXf6ALbX1uyajavyOCuji1MGXaX9F2qmRNTy1CQlSmbHw2fUsgBWHdhu
t8B03SxsUcZy1xxDtC845f+guTZIWPXJvXYKs8RpmoUbDl6mX6faESGqepG7136F
3xhl+o5wesxvESMKCdJLZe6oJugTgkFLb2zpxp32VGp+Xs5gBhmoBSvnCOdDrFSV
pZpPtS8YPnKxxSNAEDhKJfs/G0aSaXVpe7/Nht+/P20HePbcAvImRc4GYmYrgWDo
8d/hQHvfXq0XkyPoDHGtESeAYyslqTuhIjXEPF0J5g+aaoQP687N809S6v+3EUyu
BFMFuN0v45Uu0xgShPGiWA1dRpxQHBOYajZKzTo+EasQN3tlChCUitNSqXAxSrz3
IqaL13vblNQpIB4qmfS4cFgXGZ2TWIZUULujE/4tVga3x1OTf5LA5WBSyywUYfM4
VzbvLB+RJ3KXbFywhBihO+zdqiJqdGTf1T3KQyi2ub8s9J3QtIGtAwp9ycQSOQkb
InVqZ2DufidrrSU6UsHp97FPufnJFi2aEL2m13dTDwP88ajZDRAS6QW6dRBsYFg8
xX65IvSIDkb5NXRV03osRdvom3HgpW134dUJxBQInA1P+Wdk15ELPl5OQy7JBX/9
ptBkUMm995Tow3GQtytf80w3Ys7y0E28xgBfRdetiBtgmtm0SW4=
=CzRM
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3aaaa86ded6308f511f67a907c0d7d6096e1dc2a8ae05581ba55a2510abde1e4
size 7033032

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAmHpj8oACgkQznUvF4JZ
vZK5AA//R2lyW+cWYcJACcOoncAuzNxj9Y3Yyj4D5M0XTgR7J/D5c4ksfWvWu5oG
ocEsdBDWF0FRtosAfSHcEty/JNV7AWghhDx9AblqSSIM60Oe12zxyYhDW8RXDgcL
iH8yFpsyPfqnZlL1BFdnjh7FHKz8l/4arNyg3ZpImTm8hS6vyknFC4pf6jj/uhyQ
a1YWc3HCckgw4ZCrAVehGZvI/ZMoa1DhPHmfJfgflag9frPEXmdMOF3LxQU8L5qL
astW/jb9Ku9+L8pMJbS4MU5IzDxWNQ8x2lrjyIsZoK4MIf5KtiUlqP72oO+Vwm/Y
Mq5sdG3VXhCkEkffCP0zg69rZenHBr+gaN/2VcFc2raND8WhXpmvT2fu5txxDn9I
gDuktSWZS7eVviJj1rx9yd3a1fQWs/03VjD4+nao9EmBhmo8aTxaFkVjE6vJfO02
GWuNAUHjpSHimbRJRjjDvXOUu+IdhonP1ctta1kPljx0iDPZrPnJw/Htcu0oNq97
1uoFNYPXuMku0xszRnI/uAGBzOP48i5EFYHYSOaKsUG9S1pKGLCvwFWTFNirxQKj
17AO8k356r7D8EOkpZPtu/RWipXn2Wr5uq7TA5rqEgLSw/wGFsXrKZzhx+0gjG0/
WYYLU9iduQnD/30ZEYDWuS9nnwx/x/uDkGCg+SU+SnLPEu3I89k=
=eK6E
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Sat Jan 22 09:39:12 UTC 2022 - ecsos <ecsos@opensuse.org>
- Update to 5.1.2
This is a security and bufix release.
* Security
- Fix (CVE-2022-23807, PMASA-2022-1, CWE-661)
Two factor authentication bypass
- Fix (CVE-2022-23808, PMASA-2022-2, CWE-661)
Multiple XSS and HTML injection attacks in setup script
* Bugfixes
- Revert a changed to $cfg['CharTextareaRows'] allow values
less than 7
- Fix encoding of enum and set values on edit value
- Fixed possible "Undefined index: clause_is_unique" error
- Fixed some situations where a user is logged out when working
with more than one server
- Fixed a problem with assigning privileges to a user using the
multiselect list when the database name has an underscore
- Enable cookie parameter "SameSite" when the PHP version
is 7.3 or newer
- Correctly handle the removal of "innodb_file_format" in
MariaDB and MySQL
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jun 5 10:33:05 UTC 2021 - ecsos <ecsos@opensuse.org> Sat Jun 5 10:33:05 UTC 2021 - ecsos <ecsos@opensuse.org>

View File

@ -1,7 +1,7 @@
# #
# spec file for package phpMyAdmin # spec file for package phpMyAdmin
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -25,7 +25,7 @@
%define apache_group nogroup %define apache_group nogroup
%endif %endif
Name: phpMyAdmin Name: phpMyAdmin
Version: 5.1.1 Version: 5.1.2
Release: 0 Release: 0
Summary: Administration of MySQL over the web Summary: Administration of MySQL over the web
License: GPL-2.0-or-later License: GPL-2.0-or-later